arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-19 12:58:13 +00:00
Code Issues Releases Wiki Activity

fix(core): Remove bias in ed25519.generate_secret()

Browse Source 
[no changelog]
This commit is contained in:
Andrew Kozlik 2024-07-29 18:32:47 +02:00 committed by Andrew Kozlik
parent b37971eea4
commit 6ed8aad608
2 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
View File

@ -34,10 +34,6 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_generate_secret() {
vstr_t sk = {0};
vstr_init_len(&sk, 32);
random_buffer((uint8_t *)sk.buf, sk.len);
// taken from https://cr.yp.to/ecdh.html
sk.buf[0] &= 248;
sk.buf[31] &= 127;
sk.buf[31] |= 64;
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
}
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_ed25519_generate_secret_obj,

6
core/tests/test_trezor.crypto.curve.ed25519.py
View File

@ -69,12 +69,6 @@ class TestCryptoEd25519(unittest.TestCase):
)
pass
def test_generate_secret(self):
for _ in range(100):
sk = ed25519.generate_secret()
self.assertTrue(len(sk) == 32)
self.assertTrue(sk[0] & 7 == 0 and sk[31] & 128 == 0 and sk[31] & 64 == 64)
def test_sign_verify_random(self):
for l in range(1, 300):
sk = ed25519.generate_secret()